From kde-core-devel Tue Apr 15 08:29:09 2014
From: Ben Cooksley
Date: Tue, 15 Apr 2014 08:29:09 +0000
To: kde-core-devel
Subject: Impact of Heartbleed issue on KDE.org infrastructure
Message-Id:
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=139755059916722

Hi everyone,

As I'm sure you're all aware at this point, a vulnerability of OpenSSL
could lead to sensitive information being leaked by web servers.

The Good News: The vast majority of our services are running on the
older Debian Squeeze, which uses OpenSSL 0.9.8o and is unaffected by
the issue.

The Bad News: Certain services are run through a third party
intermediary (Incapsula) and some services are being hosted by Debian
Wheezy systems (which did use a vulnerable version of OpenSSL).

All such systems under the control of KDE Sysadmin have since been
patched and have had the necessary services restarted. For information
on the steps taken by Incapsula please see
http://www.incapsula.com/blog/heartbleed-ssl-vulnerability-fixed.html

As far as we are aware, all systems under kde.org have now had the
issue corrected (assuming they were affected by the issue in the first
case).

Sites affected:

forum.kde.org
community.kde.org
userbase.kde.org
techbase.kde.org
cdn.kde.org
api.kde.org
dot.kde.org
blogs.kde.org
reviewboard.kde.org (Both Git and Subversion)

At no point were Identity, Bugzilla or SCM services affected by this issue.

If anyone has any questions, please let us know.

Thanks,
Ben Cooksley
KDE Sysadmin